Integrate IoT Security through Cortex XSOAR with SIEM
to send it device details, alerts, and vulnerabilities.
Palo Alto Networks IoT Security supports security
information and event management (SIEM) logging, which allows you
to send information about discovered devices, security alerts, and
device vulnerabilities to your SIEM server for further actions.
IoT Security integrates through Cortex XSOAR with any SIEM that
supports the CEF format.
After the setup is complete, you
initiate an initial export of the entire device inventory from IoT
Security through XSOAR to the SIEM server. After that, XSOAR requests
incremental updates at 15-minute intervals. IoT Security determines
if there are any newly discovered devices, alerts, or vulnerabilities,
or if there are changes in any attribute fields of previously discovered
devices in the past 15 minutes and, if found, responds with an update.
In contrast to these periodic automated updates, IoT Security sends
user-initiated commands to send security alerts and device vulnerabilities
XSOAR and IoT Security apply the same logic for security alerts
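The incremental-update mechanism described above (a full inventory export followed by periodic deltas, delivered to the SIEM in CEF) can be illustrated end to end. The following is an added example, not code from IoT Security, Cortex XSOAR or the SIEM integration pack: it compares two inventory snapshots, extracts newly discovered devices and changed attribute fields, and renders each finding as a CEF line with the escaping the CEF specification requires (backslash and pipe in the header, backslash, equals sign and line breaks in the extension). The vendor and product strings, the signature ids, the extension field mapping and the two sample snapshots are constructed assumptions for illustration, not the product's actual CEF schema.

```python
"""Added example: compute the delta between two device-inventory snapshots
and emit it as CEF lines for a SIEM. All vendor strings, signature ids and
field mappings below are assumed placeholders, not the product's real schema."""
from typing import Dict, List, Tuple

CEF_VERSION = "0"
VENDOR = "ExampleVendor"          # assumed placeholder vendor string
PRODUCT = "ExampleIoTSecurity"    # assumed placeholder product string
PRODUCT_VERSION = "1.0"           # assumed placeholder version

Device = Dict[str, str]
Inventory = Dict[str, Device]     # keyed by a device identifier


def _escape_header(value: str) -> str:
    # CEF header fields: backslash and pipe must be escaped
    return value.replace("\\", "\\\\").replace("|", "\\|")


def _escape_extension(value: str) -> str:
    # CEF extension values: backslash, equals sign and line breaks must be escaped
    return (value.replace("\\", "\\\\")
                 .replace("=", "\\=")
                 .replace("\r", "\\r")
                 .replace("\n", "\\n"))


def to_cef(signature_id: str, name: str, severity: int, extension: Dict[str, str]) -> str:
    """Render one CEF record: CEF:Version|Vendor|Product|Version|SigID|Name|Severity|Extension."""
    header = "|".join(_escape_header(x) for x in (
        "CEF:" + CEF_VERSION, VENDOR, PRODUCT, PRODUCT_VERSION,
        signature_id, name, str(severity)))
    ext = " ".join(f"{k}={_escape_extension(v)}" for k, v in extension.items())
    return f"{header}|{ext}"


def inventory_delta(previous: Inventory, current: Inventory
                    ) -> Tuple[List[str], List[Tuple[str, Dict[str, Tuple[str, str]]]]]:
    """Return (new device ids, [(device id, {field: (old, new)})]) since the previous poll.

    Only devices present in the current snapshot are reported; attribute fields
    that disappeared entirely are not tracked in this example."""
    new_ids = sorted(d for d in current if d not in previous)
    changed: List[Tuple[str, Dict[str, Tuple[str, str]]]] = []
    for dev_id in sorted(d for d in current if d in previous):
        old, new = previous[dev_id], current[dev_id]
        diffs = {k: (old.get(k, ""), new[k]) for k in new if old.get(k) != new[k]}
        if diffs:
            changed.append((dev_id, diffs))
    return new_ids, changed


def delta_to_cef(previous: Inventory, current: Inventory) -> List[str]:
    """One CEF line per newly discovered device, then one per device with changed attributes."""
    lines: List[str] = []
    new_ids, changed = inventory_delta(previous, current)
    for dev_id in new_ids:
        dev = current[dev_id]
        lines.append(to_cef("device-new", "New device discovered", 3, {
            "deviceExternalId": dev_id,
            "src": dev.get("ip", ""),
            "cs1Label": "profile",          # assumed mapping of the device profile to cs1
            "cs1": dev.get("profile", ""),
        }))
    for dev_id, diffs in changed:
        summary = "; ".join(f"{field}: {old} -> {new}" for field, (old, new) in diffs.items())
        lines.append(to_cef("device-changed", "Device attributes changed", 2, {
            "deviceExternalId": dev_id,
            "msg": summary,
        }))
    return lines


# Constructed sample snapshots (not real inventory data): the second one represents
# the state 15 minutes later, with one risk change and one newly discovered device.
PREVIOUS_SNAPSHOT: Inventory = {
    "dev-001": {"ip": "10.0.0.5", "profile": "IP Camera", "risk": "low"},
    "dev-002": {"ip": "10.0.0.9", "profile": "Printer", "risk": "low"},
}
CURRENT_SNAPSHOT: Inventory = {
    "dev-001": {"ip": "10.0.0.5", "profile": "IP Camera", "risk": "high"},
    "dev-002": {"ip": "10.0.0.9", "profile": "Printer", "risk": "low"},
    "dev-003": {"ip": "10.0.0.21", "profile": "Infusion Pump", "risk": "medium"},
}

if __name__ == "__main__":
    for line in delta_to_cef(PREVIOUS_SNAPSHOT, CURRENT_SNAPSHOT):
        print(line)
```

Running the block prints two CEF records: one `device-new` line for `dev-003` and one `device-changed` line for `dev-001` whose `msg` carries `risk: low -> high`. Devices with no changed attribute (here `dev-002`) produce nothing, which is the point of a delta: the SIEM only ingests what changed in the last interval rather than a full inventory every 15 minutes.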
Integrating with SIEM requires the purchase and activation of a third-party integration add-on. The basic integration plan includes a license for three integration add-ons, one of which can be used for SIEM. The advanced plan includes a license for all supported